Cyber insurers are opting to pay off hackers in ransomware attacks instead of attempting to restore backup files, according to an investigation by ProPublica.

In a ransomware attack, a hacking organisation will shut down an enterprise's core systems or encrypt access to essential data and demand payment for release -- i.e. extortion. Enterprises with strong IT security may have backup files and recovery processes in place, but insurers are finding that it is cheaper in the short-run to pay off the hackers.

The calculus by the insurer is straight forward: Often the potential claim, which covers lost revenue while the insured is unable to operate, is greater than the ransom amount. Hence the carrier pays the ransom. 

MTech Capital portfolio company Corvus recently released a tool that restricts remote desktop access to a network - a key entry point for ransomware attacks. Ransomware claims have fallen by 65% as a result of the initiative.